Adium

Ticket #559 (new enhancement)

Opened 3 years ago

Last modified 4 months ago

GPG encryption

Reported by: adium-fg-164@baraddur.de Assigned to: anybody
Priority: low Milestone: Good idea for "later"
Component: El Vision del Tick Version:
Severity: normal Keywords: GPG, GnuPG, PGP, encryption
Cc: Patch: None
Pending: 0

Description (Last modified by tick)

I would like to see end-to-end GnuPG(4*)-based encryption in Adium, compatible with other PSI/Jabber users. No sensible data should be passed over a unencrypted protocol. All IM-protocols are unencrypted. GnuPG for e-mail has a esthablished Web-Of-Trust which could be positivily adapted by the IM-protocol world.

There are 3 implementations to solve this problem:

  1. PSI(3*) and maybe other IM clients implement jep-27 (1*). "This document outlines the current usage of OpenPGP for messaging and presence."
  2. There is rfc-3923 (2*) which suggests: "End-to-End Signing and Object Encryption for the Extensible Messaging and Presence Protocol (XMPP)". (Afaik, it is not implemented)
  3. GAIM is using a gaim-only solution with a plugin.

Maybe I am wrong here so please tell my if need to contact the libgaim people.

[1] http://www.jabber.org/jeps/jep-0027.html

[2] http://www.ietf.org/rfc/rfc3923.txt

[3] http://psi.affinix.com/

[4] http://www.gnupg.org/

Change History

06/17/2005 08:06:45 PM changed by adamiser

  • summary changed from adium to end-to-end GnuPG[4]-based encryption.

07/20/2005 05:47:18 PM changed by durin42

  • priority changed from normal to low.
  • milestone deleted.

maybe some day, this would be nice

08/04/2005 08:18:33 AM changed by rzigweid@zigweid.net

When I installed the PGP client for OS X, I noticed that it catches that one is using IM and says that it is starting an encrypted session. This is a feature that iChat uses too. From a birds eye view, it looks like the only thing that is missing is the ability to turn on the encryption for a chat session. I fully realize that this is a nieve and uninformed impression. There is more to it than that, but maybe less than originally was thought. I'd love to be able to plug this in. I choose Adium over iChat for a variety of reasons, but lacking the ability to encrypt seamelessly in AIM is a downer to me.

Remember, it's not paranoia if you know they are after you.

08/11/2005 08:20:51 PM changed by dcclark

  • keywords set to GPG, GnuPG, PGP, encryption.

11/02/2005 12:07:29 PM changed by cbarrett

This OTR page outlines reasons why simply encrypting the traffic is not sufficient.

That being said, a way to exchange (and verify) PGP signatures might be something worth looking into. Mostly as a way of establishing and proving identity.

I would be interested to know what the OTR team thinks of combining keyed encryption techniques with their wire protocol.

11/11/2005 04:17:14 PM changed by tick

  • milestone set to Sometime after 1.0.
  • field_haspatch changed.

02/10/2006 02:49:09 PM changed by anonymous

i second this request as i have some chatpartners who uses otr and others who uses JEP-0027

02/10/2006 02:53:48 PM changed by anonymous

i second this request as i have some chatpartners who uses otr and others who uses JEP-0027

02/12/2006 08:50:25 PM changed by gaber@gentoo.pl

I belive in pgp in adium. :-)

03/16/2006 07:02:27 PM changed by yetzt

i *really* want this.

03/21/2006 05:07:23 PM changed by anonymous

I need that too. Started using gpg for my mails, so the next logical step would be encrypting IM. And since I have to take care of gpg certificates allready it would be great not to have to use some other kind of PK infrastructure for IM.

(follow-up: ↓ 27 ) 03/29/2006 06:31:27 AM changed by anonymous

The lack of this feature is the main showstopper why I cannot use Adium and have to use Psi instead, which integrates much worse with MacOS X.

04/02/2006 08:25:39 AM changed by anonymous

i second that request too

04/11/2006 09:56:18 PM changed by anonymous

me too....add it and i will try it out, if not i'm not downloading it

04/22/2006 07:30:40 AM changed by jojoo

this is the only reason why i skipped to PSI. i really really want this

04/22/2006 08:37:45 AM changed by cbarrett

I am confused as to what exactly PGP will give you that OTR cannot.

05/10/2006 03:29:13 AM changed by Sebastian Steinmetz

PGP is more common? Encryption via Jabber is always GPG, not OTR. In fact, i know no one, who is actually using OTR.

I would be very glad, if this could be implemented in Adium!

(follow-up: ↓ 30 ) 05/14/2006 02:57:44 PM changed by nox

The most crucial thing Adium is lacking at the moment is in my opinion end-to-end encryption using GnuPG like Psi/Jabber.

Using PGP is the obvious choice of encryption-algorithm, GnuPG is the unofficial standard among PGP-users. It's all good and well that Adium is extremely cute, but it would be superior if it was capable of gpg-crypto.

PGP has a way of establishing trust and identity-confirmation (just do a quick google on pgp trust) It is widely used among PGP-users.

Using OTR for Adium would make people have to force other people to change or use other crypto in their clients as some of them already use GnuPG.

I'm all in favor of OTR, but I think that GnuPG-support should be implemented first. After that it would be great if OTR were to be implemented aswell.

(follow-up: ↓ 26 ) 05/14/2006 02:59:59 PM changed by nox

PS: I have no understanding to why this has a low priority-rating, it should be high.

(follow-ups: ↓ 21 ↓ 22 ) 05/14/2006 03:25:28 PM changed by anonymous

It's low priority because OTR is implemented and serves this function for most people who need it.

(in reply to: ↑ 20 ) 08/07/2006 05:57:41 PM changed by anonymous

I would love to be able to have GPG encrypted sessions with Adium users. I know that a number of my peers would like this as well.

(in reply to: ↑ 20 ; follow-up: ↓ 24 ) 08/13/2006 02:31:52 PM changed by anonymous

Replying to anonymous:

It's low priority because OTR is implemented and serves this function for most people who need it.

sorry, but I don't see this point either. gnupg is way better and more secure than otr. a lot of people are asking for this feature. so what is adium keeping from becoming perfect?

(follow-up: ↓ 25 ) 08/16/2006 07:22:26 PM changed by anonymous

A standard end-to-end-encryption based on gpg/pgp would be _the_ argument to use Aduim. The only other client I know has this ability is Psi, and that is nowhere near perfect in terms of UI and usability. I think it´s highly unhygienic to blow out unencrypted information over the net. Please set this priority higher!

(in reply to: ↑ 22 ) 08/16/2006 07:31:30 PM changed by tick

  • component changed from Core Adium to El Vision del Tick.

Replying to anonymous:

Replying to anonymous:

It's low priority because OTR is implemented and serves this function for most people who need it.

sorry, but I don't see this point either. gnupg is way better and more secure than otr.

Do you have documentation to back this claim up?

(in reply to: ↑ 23 ) 08/16/2006 07:32:14 PM changed by tick

Replying to anonymous:

I think it´s highly unhygienic to blow out unencrypted information over the net.

Can you please explain this?

(in reply to: ↑ 19 ) 08/16/2006 07:32:52 PM changed by tick

Replying to nox:

PS: I have no understanding to why this has a low priority-rating, it should be high.

We have higher priority issues to deal with.

(in reply to: ↑ 12 ) 08/16/2006 07:35:36 PM changed by tick

Replying to anonymous:

The lack of this feature is the main showstopper why I cannot use Adium and have to use Psi instead, which integrates much worse with MacOS X.

Fire also has GPG as far as I know.

08/16/2006 07:39:38 PM changed by tick

  • description changed.

Fixing the description to not link to commits.

08/16/2006 07:42:08 PM changed by tick

  • summary changed from end-to-end GnuPG[4]-based encryption to GPG encryption.

Fixing the summary as well. Most people know GnuPG is GPG, and if not they'll see this change anyhow.

(in reply to: ↑ 18 ) 08/16/2006 07:44:34 PM changed by tick

Replying to nox:

Using OTR for Adium would make people have to force other people to change or use other crypto in their clients as some of them already use GnuPG. I'm all in favor of OTR, but I think that GnuPG-support should be implemented first. After that it would be great if OTR were to be implemented aswell.

These two comments conflict. First you say that you dislike the fact that OTR forces folks to use OTR, but then you say that you are all in favor of OTR.

We already have OTR, so being in favor of one or the other doesn't really help in this situation.

(follow-up: ↓ 32 ) 08/16/2006 07:47:08 PM changed by cbarrett

OTR is a far superior encryption technique for Instant Messaging. See http://www.cypherpunks.ca/otr/#faqs for more details. GPG/PGP is great for Email and other things, but on IM, OTR is much better.

(in reply to: ↑ 31 ) 08/16/2006 09:58:47 PM changed by tick

Replying to cbarrett:

OTR is a far superior encryption technique for Instant Messaging. See http://www.cypherpunks.ca/otr/#faqs for more details. GPG/PGP is great for Email and other things, but on IM, OTR is much better.

Specifically, this on looks useful: http://www.cypherpunks.ca/otr/otr-codecon.pdf

(follow-up: ↓ 34 ) 08/31/2007 08:59:22 PM changed by yetzt

still want this.

(in reply to: ↑ 33 ) 08/31/2007 09:55:06 PM changed by tick

  • patch_status set to None.
  • pending changed.

Replying to yetzt:

still want this.

Care to put more emphasis on it and offer a bounty?

http://trac.adiumx.com/wiki/Bounties

09/14/2007 08:47:21 PM changed by moehnetiger

Would it be possible to add PGP/GPG support through a thrid party plug-in? I think that would be a good solution for this problem:

-The Adium-Team could continue to focus on OTR (which is in my opinion the better encryption for IM).

- And people who prefer GPG/PGP over OTR could just by installing a plug-in and would get their preferred encryption. (of course someone would still have to write the plugin first ;) )

09/16/2007 01:24:09 AM changed by cbarrett

I believe it's possible to implement as a third party plugin. Adium and libpurple are both quite modular.

09/20/2007 07:21:51 AM changed by adium

i second this request, too. it's not that gpg support is "better" than "otr", it's just for interoperability reasons.

dont replace otr with gpg - but having it as an additional option would be awsome. one more step for adium world domination (okay - just for nerds, but anyway) :-)

*VOTE* :-)

11/01/2007 03:08:03 PM changed by yetzt

ok, here is my inital bounty:

$20 for implementing this feature request.

please increase :)

11/15/2007 03:17:56 PM changed by yetzt

please add this to http://trac.adiumx.com/wiki/Bounties

12/04/2007 08:21:36 PM changed by Benjamin Melançon

+$20

05/15/2008 08:38:22 AM changed by djmori